Mailing List Archive

There have been rumor going around that Bungie.net was hacked and that a portion of Xbox live has been taken over because of it. Some folks are having their Microsoft points stolen and or points purchased via their stolen gamer tag.

I just got off the phone with a Microsoft Tech for Xbox live that has confirmed this to with me and they have stated that accounts are being stolen and that "Hackers have control of Xbox live and there is nothing we can do about it"

If anyone else has experienced their Xbox live account info being stolen let me know. I am trying to archive as much info on this as possible. During the conversations I have had with Xbox live support I would certainly say that Microsoft staff is more than negligent in dealing with this issue especially with regard to the potential theft of personal information.

I'm sorry but I find this funny actually. :-P Seems Microsoft has a weakness.

On 3/17/07, Kevin Finisterre (lists) <kf_lists@digitalmunition.com> wrote: > There have been rumor going around that Bungie.net was hacked and > that a portion of Xbox live has been taken over because of it. Some > folks are having their Microsoft points stolen and or points > purchased via their stolen gamer tag. > > I just got off the phone with a Microsoft Tech for Xbox live that has > confirmed this to with me and they have stated that accounts are > being stolen and that "Hackers have control of Xbox live and there is > nothing we can do about it" > > If anyone else has experienced their Xbox live account info being > stolen let me know. I am trying to archive as much info on this as > possible. During the conversations I have had with Xbox live support > I would certainly say that Microsoft staff is more than negligent in > dealing with this issue especially with regard to the potential theft > of personal information. > > -KF > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/>

There have been rumor going around that Bungie.net was hacked and that a portion of Xbox live has been taken over because of it. Some folks are having their Microsoft points stolen and or points purchased via their stolen gamer tag. I just got off the phone with a Microsoft Tech for Xbox live that has confirmed this to with me and they have stated that accounts are being stolen and that "Hackers have control of Xbox live and there is nothing we can do about it" If anyone else has experienced their Xbox live account info being stolen let me know. I am trying to archive as much info on this as possible. During the conversations I have had with Xbox live support I would certainly say that Microsoft staff is more than negligent in dealing with this issue especially with regard to the potential theft of personal information. -KF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html"]http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/"]http://secunia.com/

Is there not a secondary layer of economics for points ?? WoW and SL has virtual $$ being bartered into real world value...

On 3/17/07, Jason Miller <jammer128@gmail.com> wrote: > > I'm sorry but I find this funny actually. :-P Seems Microsoft has a > weakness. > > On 3/17/07, Kevin Finisterre (lists) <kf_lists@digitalmunition.com> wrote: > > There have been rumor going around that Bungie.net was hacked and > > that a portion of Xbox live has been taken over because of it. Some > > folks are having their Microsoft points stolen and or points > > purchased via their stolen gamer tag. > > > > I just got off the phone with a Microsoft Tech for Xbox live that has > > confirmed this to with me and they have stated that accounts are > > being stolen and that "Hackers have control of Xbox live and there is > > nothing we can do about it" > > > > If anyone else has experienced their Xbox live account info being > > stolen let me know. I am trying to archive as much info on this as > > possible. During the conversations I have had with Xbox live support > > I would certainly say that Microsoft staff is more than negligent in > > dealing with this issue especially with regard to the potential theft > > of personal information. > > > > -KF > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - http://secunia.com/> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/>

I find it funny too... there is nothing more than I love to hear than an Microsoft employee telling me that their network is pwned and there is nothing they can do about it. -KF

On Mar 17, 2007, at 7:33 PM, Jason Miller wrote:

> I'm sorry but I find this funny actually. :-P Seems Microsoft has a > weakness. > > On 3/17/07, Kevin Finisterre (lists) <kf_lists@digitalmunition.com> > wrote: >> There have been rumor going around that Bungie.net was hacked and >> that a portion of Xbox live has been taken over because of it. Some >> folks are having their Microsoft points stolen and or points >> purchased via their stolen gamer tag. >> >> I just got off the phone with a Microsoft Tech for Xbox live that has >> confirmed this to with me and they have stated that accounts are >> being stolen and that "Hackers have control of Xbox live and there is >> nothing we can do about it" >> >> If anyone else has experienced their Xbox live account info being >> stolen let me know. I am trying to archive as much info on this as >> possible. During the conversations I have had with Xbox live support >> I would certainly say that Microsoft staff is more than negligent in >> dealing with this issue especially with regard to the potential theft >> of personal information. >> >> -KF >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html>> Hosted and sponsored by Secunia - http://secunia.com/>> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/

Zune Market Place and Xbox live share the same system for points / dollars. -KF

On Mar 17, 2007, at 8:49 PM, Peter Dawson wrote:

> why ?? > > Is there not a secondary layer of economics for points ?? WoW and > SL has virtual $$ being bartered into real world value... > > On 3/17/07, Jason Miller <jammer128@gmail.com> wrote: > I'm sorry but I find this funny actually. :-P Seems Microsoft has a > weakness. > > On 3/17/07, Kevin Finisterre (lists) <kf_lists@digitalmunition.com> > wrote: > > There have been rumor going around that Bungie.net was hacked and > > that a portion of Xbox live has been taken over because of it. Some > > folks are having their Microsoft points stolen and or points > > purchased via their stolen gamer tag. > > > > I just got off the phone with a Microsoft Tech for Xbox live that > has > > confirmed this to with me and they have stated that accounts are > > being stolen and that "Hackers have control of Xbox live and > there is > > nothing we can do about it" > > > > If anyone else has experienced their Xbox live account info being > > stolen let me know. I am trying to archive as much info on this as > > possible. During the conversations I have had with Xbox live support > > I would certainly say that Microsoft staff is more than > negligent in > > dealing with this issue especially with regard to the potential > theft > > of personal information. > > > > -KF > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - http://secunia.com/> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/

Here is someone on youtube with the same problem.... using a capture card to get the guy on video talking about it. He blatantly says he can steal any account on your xbox with just your IP address. One side of the conversation has been cut out but you can clearly hear the gentleman talking about stealing the account.

Hi Ashley... I can certainly understand your frustration. Although my account was "taken care of" and I was ultimately given some things to quiet me down, I never got an explanation of what *really* happened, I never got any information about who I could prosecute or anything like that. As you can see I had to be very vocal about the whole situation in order to get my issue taken care of and the process was quite lengthy, time consuming and frustrating, so good luck.

I have CC'd a gentleman from Microsoft that got me taken care of in the past. He should hopefully be able to help you out, no promises of course.

I think it would be fair of me to say really don't like Microsoft's "disclosure policy" under these circumstances. -KF

On Aug 7, 2007, at 5:08 PM, Ashley Wilson wrote:

> Hey there, > > I'm so very frustrated with Microsoft and went on a search to see > if anyone else has had the same issue and low and behold, I came > across you're article of sorts. > > Its been over a month now, since I was hacked. I woke up on a > Sunday morning, check my email as I do everyday. I had 4 emails > from Microsoft stating I purchased 20000 Microsoft points and a > year subscription. As most people would, I panicked and wondered > what kind of insane thing happened. When I turned on my Xbox and > attempted to log into my account, I couldn't. My boyfriend shortly > after that, recovered my account on the Xbox and we came to find > out that my username had been changed, all my friends had been > deleted off my list and my motto was changed to "LOL I got jacked." > > I was furious to think someone could do such a thing. They not only > stole my account but over 400 dollars was spent on my credit card. > > I called Microsoft support shortly after that. I got the "run > around." Transferred to one agent and then another. They basically > accused me of giving out the information. I eventually got to speak > to a supervisor, who assured me that everything would be taken care > of. They even said they would catch the individual that did this > and assured me a phone call in a few days, as they had to send in a > full investigation the next day. > > 3 weeks later and I was still waiting for a call. > > I decided it was time for me to call them, since obviously I as a > customer wasn't important to them. Again, the "run around." I spoke > with again, another supervisor who informed me that they hadn't > even sent out the investigation yet. He assured me that he would > send it out that very day and I should receive a call within 3 days. > > I sat home waiting to receive a call for 3 days. > > Again, I never received a phone call. > > By the 4th day, I called again. > > Speaking with an agent who assured me, I will receive a call. "Its > under investigation now, you have to wait for a phone call." > > Now, 2 weeks later and I called again today. > > I'm told that they attempted to call me today and I have to wait to > speak with them because there is nothing they can do. I paid for a > subscription that I am not getting to use and apparently won't be > able to use. I'd also like to mention when he said they tried > calling today, he said they left a voice mail message. I don't have > voice mail, so I got concerned. Then he read "my phone number" It > wasn't even my number and I had never heard the number in my life. > Slightly odd, since I gave them my phone number the previous time I > had called. > > Now I'm suppose to receive a call this Thursday. We will see.... I > won't hold my breathe. > > I am so very frustrated that Microsoft as huge a cooperation as > they are, doesn't even have the decency to call me or reimburse me > for a 50 dollar Xbox live account. > > I apologize for this longwinded email and I'm not even sure if you > still care about this issue but I was quite overjoyed to see I > wasn't alone. > > Sincerely > > Ashley Wilson > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/

When someone fraudulently charges your credit card you should immediately complain to the card issuer in writing so the charge can be reversed and charged back to the merchant who accepted the fraudulent credentials. That is one of the advantages of a credit card - the loss can be charged back, and a merchant who accepts bogus information is liable if it turns out to be fake.

There is often a 60 day period to notify of this, so if you have not written your card issuer before, don't delay. Some of the "wait..." tactics can have the effect of your losing the right to get the purchase charged back if you don't get the notice out in time.

As with any such messages, too, send with return receipt requested so you can prove that you got the message sent and that it got to the bank. It is probably ok to send two letters, one normal and one with return receipt, mentioning they both exist, in case a mail room doesn't know how to handle one of them. That is not malice, just human confusion, but it's easy to print out two letters and might help especially if your time is now short.

Writing in like this does not mean the merchant can't make things right; it just ensures the fraud claim gets known by the card issuer bank and that it should not be treated as an ordinary charge on your card bill. It can also sometimes get the merchant's attention since the bank will now be after the merchant to prove the charge was not fraudulent...it's not just you vs. the company.

These kinds of cases are possibly harbingers of the future. Trusting some consumer owned box as evidence of who he is is not foolproof. Bets on that being an issue with consumer PCs, cell phones, etc.?

Hi Ashley... I can certainly understand your frustration. Although my account was "taken care of" and I was ultimately given some things to quiet me down, I never got an explanation of what *really* happened, I never got any information about who I could prosecute or anything like that. As you can see I had to be very vocal about the whole situation in order to get my issue taken care of and the process was quite lengthy, time consuming and frustrating, so good luck.

I have CC'd a gentleman from Microsoft that got me taken care of in the past. He should hopefully be able to help you out, no promises of course.

I think it would be fair of me to say really don't like Microsoft's "disclosure policy" under these circumstances. -KF

On Aug 7, 2007, at 5:08 PM, Ashley Wilson wrote:

> Hey there, > > I'm so very frustrated with Microsoft and went on a search to see > if anyone else has had the same issue and low and behold, I came > across you're article of sorts. > > Its been over a month now, since I was hacked. I woke up on a > Sunday morning, check my email as I do everyday. I had 4 emails > from Microsoft stating I purchased 20000 Microsoft points and a > year subscription. As most people would, I panicked and wondered > what kind of insane thing happened. When I turned on my Xbox and > attempted to log into my account, I couldn't. My boyfriend shortly > after that, recovered my account on the Xbox and we came to find > out that my username had been changed, all my friends had been > deleted off my list and my motto was changed to "LOL I got jacked." > > I was furious to think someone could do such a thing. They not only > stole my account but over 400 dollars was spent on my credit card. > > I called Microsoft support shortly after that. I got the "run > around." Transferred to one agent and then another. They basically > accused me of giving out the information. I eventually got to speak > to a supervisor, who assured me that everything would be taken care > of. They even said they would catch the individual that did this > and assured me a phone call in a few days, as they had to send in a > full investigation the next day. > > 3 weeks later and I was still waiting for a call. > > I decided it was time for me to call them, since obviously I as a > customer wasn't important to them. Again, the "run around." I spoke > with again, another supervisor who informed me that they hadn't > even sent out the investigation yet. He assured me that he would > send it out that very day and I should receive a call within 3 days. > > I sat home waiting to receive a call for 3 days. > > Again, I never received a phone call. > > By the 4th day, I called again. > > Speaking with an agent who assured me, I will receive a call. "Its > under investigation now, you have to wait for a phone call." > > Now, 2 weeks later and I called again today. > > I'm told that they attempted to call me today and I have to wait to > speak with them because there is nothing they can do. I paid for a > subscription that I am not getting to use and apparently won't be > able to use. I'd also like to mention when he said they tried > calling today, he said they left a voice mail message. I don't have > voice mail, so I got concerned. Then he read "my phone number" It > wasn't even my number and I had never heard the number in my life. > Slightly odd, since I gave them my phone number the previous time I > had called. > > Now I'm suppose to receive a call this Thursday. We will see.... I > won't hold my breathe. > > I am so very frustrated that Microsoft as huge a cooperation as > they are, doesn't even have the decency to call me or reimburse me > for a 50 dollar Xbox live account. > > I apologize for this longwinded email and I'm not even sure if you > still care about this issue but I was quite overjoyed to see I > wasn't alone. > > Sincerely > > Ashley Wilson > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/

----------------------------------------- This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you.

On Tue, Aug 07, 2007 at 06:08:51PM -0300, Ashley Wilson wrote: > Hey there, > > I'm so very frustrated with Microsoft and went on a search to see if anyone > else has had the same issue and low and behold, I came across you're article > of sorts. > > Its been over a month now, since I was hacked. I woke up on a Sunday > morning, check my email as I do everyday. I had 4 emails from Microsoft > stating I purchased 20000 Microsoft points and a year subscription. As most > people would, I panicked and wondered what kind of insane thing happened. > When I turned on my Xbox and attempted to log into my account, I couldn't. > My boyfriend shortly after that, recovered my account on the Xbox and we > came to find out that my username had been changed, all my friends had been > deleted off my list and my motto was changed to "LOL I got jacked." > > I was furious to think someone could do such a thing. They not only stole my > account but over 400 dollars was spent on my credit card. > > I called Microsoft support shortly after that. I got the "run around." > Transferred to one agent and then another. They basically accused me of > giving out the information. I eventually got to speak to a supervisor, who > assured me that everything would be taken care of. They even said they would > catch the individual that did this and assured me a phone call in a few > days, as they had to send in a full investigation the next day. > > 3 weeks later and I was still waiting for a call. > > I decided it was time for me to call them, since obviously I as a customer > wasn't important to them. Again, the "run around." I spoke with again, > another supervisor who informed me that they hadn't even sent out the > investigation yet. He assured me that he would send it out that very day and > I should receive a call within 3 days. > > I sat home waiting to receive a call for 3 days. > > Again, I never received a phone call. > > By the 4th day, I called again. > > Speaking with an agent who assured me, I will receive a call. "Its under > investigation now, you have to wait for a phone call." > > Now, 2 weeks later and I called again today. > > I'm told that they attempted to call me today and I have to wait to speak > with them because there is nothing they can do. I paid for a subscription > that I am not getting to use and apparently won't be able to use. I'd also > like to mention when he said they tried calling today, he said they left a > voice mail message. I don't have voice mail, so I got concerned. Then he > read "my phone number" It wasn't even my number and I had never heard the > number in my life. Slightly odd, since I gave them my phone number the > previous time I had called. > > Now I'm suppose to receive a call this Thursday. We will see.... I won't > hold my breathe. > > I am so very frustrated that Microsoft as huge a cooperation as they are, > doesn't even have the decency to call me or reimburse me for a 50 dollar > Xbox live account. > > I apologize for this longwinded email and I'm not even sure if you still > care about this issue but I was quite overjoyed to see I wasn't alone. > > Sincerely > > Ashley Wilson